Personal data protection policy

Onet Luxemburg attaches great importance to the security of your personal data.

Indeed, as part of its activities and in order to provide you with the best services, Onet Luxemburg is required to process information that identifies you, known as "personal data" . As the data controller, Onet Luxemburg ensures that your personal data is processed in accordance with the General Data Protection Regulation (EU) 2016/679, ("GDPR").

This policy describes how Onet Luxemburg collects, uses, shares, protects and stores your personal data and describes the rights you have in relation to your personal data.

What is the RGPD?

At European level, the General Data Protection Regulation (better known by its acronym RGPD) came into force on May 25, 2018 in all European Union member states.

One of the aims of the RGPD is to harmonize all European legislation on the protection of personal data.

What is this page for?

The main purpose of this page is to inform you in a concise, transparent, comprehensible and easily accessible format about the uses made of your data by Onet websites.

This information will enable you to understand how your data is used, to know your rights, and how to exercise them with our services.

Who is the Data Controller?

Onet and its subsidiaries are responsible for the processing carried out on the websites.

ONET Group

36, boulevard de l'Océan

13009 Marseille


How can I contact the Data Protection Officer (DPO)?

Onet has appointed a Group Data Protection Officer who can be contacted at

The Data Protection Officer advises, informs and monitors compliance with personal data regulations.

Why do we use your personal data on the Websites?

The websites allow you to :

  • Receive & respond to requests from our Customers & Prospects via a contact form.
  • Receive & respond to requests from our Customers & Prospects via the Chatbot.
  • Carry out marketing operations such as CRM (customer relationship management) integration and cross-selling.
  • Send e-mail communications to customers who have not objected:
    • On products or services similar to those they have ordered.
    • On other products or services offered by the company
  • Manage the communications opposition list.
  • Manage your consent to cookies and other trackers.
  • Exercising your rights (RGPD).

What are the legal bases for processing?

  • Contact request (by form or chatbot): the legal basis for processing is consent.
  • Marketing operations: the legal basis is the company's legitimate interest in finding new Customers.
  • Sending communications by e-mail: the legal basis for processing is the company's legitimate interest in promoting our products or services to our customers.
  • Opposition list to communications: the legal basis is the legitimate interest of the data subject in making his or her choice effective.
  • Management of consents relating to cookies and tracers: the legal basis is the consent of Internet users.
  • Exercising individual rights: the legal basis is the law.

What data do we collect and use?

  • Contact request (by form or chatbot): Type of requester, last name, first name, phone number, email address, company, Country, Subject of your request, Message.
  • Marketing operations: Type of applicant, surname, first name, telephone number, e-mail address, company, position
  • Email communications: first name, last name, email address, company, position
  • Opposition list: surname, first name, email address
  • Cookie and tracker consent management: IP
  • Exercising your rights: name, surname, request, proof of identity, all data relating to your request.

Who will we share your data with?

We will communicate your personal data to the following recipients:

  • Authorized employees within the Group receive data according to their activities.
  • Subcontractors in charge of customer files, communications, Chatbot and cookie management are provided with data on an as-needed basis: Efficy (CRM), Didomi (CMP).

How long will we keep your data?

  • Data required for marketing operations (loyalty and prospecting actions): for the entire duration of the commercial relationship and three (3) years from the last contact.
  • Data concerning opt-out lists: three (3) years.
  • Data required to manage cookies : Twelve (12) months from last acceptance
  • Data relating to the exercise of rights: five (5) years from the end of the calendar year for all rights, with the exception of data relating to the right to object, which will be kept for six (6) years. If you have sent us proof of identity, this will be kept for one (1) year after receipt of the request if proof is required. Otherwise, the proof will be deleted immediately.

What are your rights?

You have the right to access, rectify or delete your personal data. You also have the right to portability and the right to limit the processing of your data.

If you receive communications whose legal basis is legitimate interest, then you can object either at the time of your message via the "I object" checkbox or via the link at the bottom of each newsletter.

As your consent is required for the choice of cookies and tracers, you can modify your choices at any time by clicking on this link:

How can I contact the DPO?

To exercise your rights or if you have any questions about the processing of your data under this system, please contact our Data Protection Officer (or DPO).

Contact our DPO by e-mail:
Contact our DPO by post:

Data Protection Officer
Groupe ONET
36, boulevard de l'Océan
13009 Marseille


How can I exercise my rights?

A specific page via this link allows you to exercise your rights: https: //

To exercise your rights, you must prove your identity by any means.

In case of doubt, we may ask you to provide additional information necessary for your identification.

If you wish to prove your identity by sending us a piece of identification, please make sure you send us only the black and white side. Do not send us your carte vitale!

Exercising your rights is free of charge. However, if your requests are repetitive, excessive or abusive, you may be charged a fee.

We will acknowledge receipt of your request to exercise your rights and respond to your request as soon as possible and no later than one (1) month from receipt of the request.

This period may be extended by two (2) months if the request is complex, for a total of three (3) months after receipt of your request.

In the latter case, we will inform you of the extension and explain the reasons for it.

How can I contact CNPD?

If, after having contacted us, you believe that your "Informatique et Libertés" rights have not been respected, you can submit a complaint to the CNPD, the Luxembourg National Commission for Data Protection:

Contact us
How to find us
Quotation simulators